CVE-2015-2042

net/rds/sysctl.c in the Linux kernel before 3.19 uses an incorrect data type in a sysctl table, which allows local users to obtain potentially sensitive information from kernel memory or possibly have unspecified other impact by accessing a sysctl entry...

Active DoS Exploits for MS15-034 Under Way

UPDATE – Microsoft’s characterization of MS15-034 as a remote code execution vulnerability certainly has a lot of Windows server admins on edge waiting for the other shoe to drop. In the three days since the bulletin was released warning of a critical vulnerability in the HTTP protocol stack,...

CVE-2015-1094

IOAcceleratorFamily in Apple iOS before 8.3 and Apple TV before 7.2 allows attackers to obtain sensitive information about kernel memory via a crafted app...

Design/Logic Flaw

IOAcceleratorFamily in Apple iOS before 8.3 and Apple TV before 7.2 allows attackers to obtain sensitive information about kernel memory via a crafted app...

Design/Logic Flaw

IOHIDFamily in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to obtain sensitive information about kernel memory via a crafted app...

CVE-2015-1097

CVE-2015-1097 affects IOMobileFramebuffer in Apple iOS (before 8.3) and Apple TV (before 7.2). The issue allows a crafted app to disclose sensitive information from kernel memory due to a memory-disclosure vulnerability in MobileFrameBuffer, as described in the CVE entry. The Apple iOS 8.3 and Ap...

CVE-2015-1096

IOHIDFamily in Apple iOS before 8.3, OS X before 10.10.3, and Apple TV before 7.2 contains a memory‑disclosure issue that allows a crafted app to obtain kernel memory information. The vulnerability is attributed to IOHIDFamily and is described as a memory corruption/memory disclosure risk; Apple’...

CVE-2015-1096

IOHIDFamily in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to obtain sensitive information about kernel memory via a crafted app...

CVE-2015-1094

The connected WatchOS advisory (APPLE-SA-2015-05-19-1) confirms CVE-2015-1094 affects IOAcceleratorFamily and could allow a malicious app to disclose kernel memory. Description: the issue caused kernel memory disclosure and was mitigated by removing unneeded code in IOAcceleratorFamily; the fix i...

Apple iOS Memory Out-of-Bounds Access Vulnerability

Apple iOS is the latest operating system that runs on Apple's iPhone and iPod touch devices. A memory out-of-bounds access vulnerability exists in the Apple iOS kernel, allowing malicious applications to read kernel memory or crash the system...

Debian DLA-103-1 : linux-2.6 security update

This security upload has been prepared in cooperation of the Debian Kernel, Security and LTS Teams and features the upstream stable release 2.6.32.64 see https://lkml.org/lkml/2014/11/23/181 for more information for that. It fixes the CVEs described below. Note: if you are using the openvz flavor...

Null pointer dereference

The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to cause a denial of service NULL pointer dereference and blue...

Information disclosure

Adobe Font Driver in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to obtain sensitive information from kernel memory, and possib...

Information disclosure

Adobe Font Driver in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to obtain sensitive information from kernel memory, and possib...

CVE-2015-0087

Adobe Font Driver in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to obtain sensitive information from kernel memory, and possib...

Microsoft Windows Kernel Mode Driver CVE-2015-0077 Local Information Disclosure Vulnerability

Description Microsoft Windows is prone to a local information-disclosure vulnerability. Local attackers can exploit this issue to obtain sensitive information such as kernel memory contents. This may aid in launching further attacks. Technologies Affected Avaya CallPilot 4.0 Avaya CallPilot 4.0.1...

Ubuntu 10.04 LTS : linux vulnerabilities (USN-2511-1)

A race condition was discovered in the Linux kernel's key ring. A local user could cause a denial of service memory corruption or panic or possibly have unspecified impact via the keyctl commands. CVE-2014-9529 A memory leak was discovered in the ISO 9660 CDROM file system when parsing rock ridge...

CVE-2015-2041

net/llc/sysctlnetllc.c in the Linux kernel before 3.19 uses an incorrect data type in a sysctl table, which allows local users to obtain potentially sensitive information from kernel memory or possibly have unspecified other impact by accessing a sysctl entry...

CVE-2015-2042

net/rds/sysctl.c in the Linux kernel before 3.19 uses an incorrect data type in a sysctl table, which allows local users to obtain potentially sensitive information from kernel memory or possibly have unspecified other impact by accessing a sysctl entry...

Updated kernel-rt packages fix security vulnerabilities

This kernel-rt update provides as upgrade to upstream 3.14 longterm branch, currently based on 3.14.32 and fixes the following security issues: The microcode on AMD 16h 00h through 0Fh processors does not properly handle the interaction between locked instructions and write-combined memory types,...